US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards. Officials say it is the biggest case of identity theft in American history.

They say Albert Gonzales, 28, and two unnamed Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain.

Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzales faces up to 20 years in jail for wire fraud and five years for conspiracy. He would also have to pay a fine of $250,000 (£150,000) for each of the two charges.

Gonzales used a complicated technique known as an “SQL injection attack” to penetrate networks’ firewalls and steal information, the US Department of Justice said.

According to the indictment, the group researched the credit and debit card systems used by their victims, attacked their networks and sent the data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine. The data could then be sold on, enabling others to make fraudulent purchases, it said.

Facebook has been working to clean up its site after its 200 million members were targeted by hackers. Facebook spokesperson Barry Schnitt wouldn’t comment on how many accounts had been hit but he did confirm it was blocking any that had been compromised.

The hackers used a common “phishing” scam to get hold of users’ passwords. After breaking in to people’s Facebook accounts they sent out emails to friends of members asking them to click on links to fake websites.

The sites are designed to look like legitimate pages from Facebook but have been set up and are controlled by the hackers. Then it’s a simple case of tricking users into handing over all sorts of details from passwords to e-mail addresses.

All of this is done with the overall aim of being able to provide lists of addresses which can then be targeted to help spread spam.

Almost two million PCs globally, including machines inside UK and US government departments, have been taken over by malicious hackers.

Security experts Finjan traced the giant network of remotely-controlled PCs, called a botnet, back to a gang of cyber criminals in Ukraine.

Several PCs inside six UK government bodies were compromised by the botnet.

Finjan has contacted the Metropolitan Police with details of the government PCs and it is now investigating.

A spokesman for the Cabinet Office, which is charged with setting standards for the use of information technology across government, said it would not comment on specific attacks “for security reasons”.

“It is Government policy neither to confirm nor deny if an individual organisation has been the subject of an attack nor to speculate on the origins or success of such attacks.”

He added: “We constantly monitor new and existing risks and work to minimise their impact by alerting departments and giving them advice and guidance on dealing with the threat.”

The start of the Olympics has proved irresistible to cyber criminals, say security firms.

The volume of junk e-mail messages with an Olympic theme spiked prior to the opening ceremony, said Symantec.

The malicious messages try to trick people into visiting fake sites or opening booby-trapped email attachments, say other firms.

Some messages falsely claim users have won an Olympic lottery and encourage them to respond to claim their prize.

“The Beijing Olympics is gearing up to be one of the biggest events of the year and hackers and spammers will see it as a massive opportunity to compromise the unwary,” said Con Mallom, a spokesman for Symantec.